def test_create_user_duplicate_fail(self):
    """Creating the same user twice must raise ``UniqueViolation``.

    ``user.create_user`` is called twice with identical arguments; the
    second call is expected to raise ``psycopg2.errors.UniqueViolation``.
    Which column carries the unique constraint is not visible here
    (presumably the email -- confirm against the schema).
    """
    # (email, hashed_password, admin), passed positionally to both calls.
    account = ("*****@*****.**", '******', True)

    # The first insert is expected to succeed and establish the row.
    user.create_user(self.database, *account)

    # The repeat insert must be rejected rather than silently accepted.
    with pytest.raises(psycopg2.errors.UniqueViolation):
        user.create_user(self.database, *account)
def setUp(self):
    """Create a development app and test client, then seed two accounts.

    Inside an application context the fixture calls the request ``before``
    hook, runs ``self.db_cleanup()``, creates one non-admin and one admin
    user from the credentials stored on the test case, and finally calls
    the request ``teardown`` hook with ``None``.
    """
    app = expungeservice.create_app('development')
    self.app = app
    self.client = app.test_client()

    with app.app_context():
        # presumably before() makes g.database available -- confirm in
        # expungeservice.request
        expungeservice.request.before()
        self.db_cleanup()

        # (email, password hash, admin flag) for each seeded account.
        seed_accounts = (
            (self.email, self.hashed_password, False),
            (self.admin_email, self.hashed_admin_password, True),
        )
        for address, pw_hash, is_admin in seed_accounts:
            user.create_user(g.database, address, pw_hash, is_admin)

        expungeservice.request.teardown(None)
def setUp(self):
    """Create a development app with two protected test routes and one user.

    Registers ``/api/test/user_protected`` and ``/api/test/admin_protected``
    on the app, then, inside an application context, calls the request
    ``before`` hook, runs ``self.db_cleanup()``, creates a single non-admin
    user and calls the request ``teardown`` hook with ``None``.
    """
    app = expungeservice.create_app('development')
    self.app = app
    self.client = app.test_client()

    # (URL rule, view class, endpoint name) for the authorization probes.
    protected_routes = (
        ('/api/test/user_protected', UserProtectedView, 'user_protected'),
        ('/api/test/admin_protected', AdminProtectedView, 'admin_protected'),
    )
    for rule, view_cls, endpoint in protected_routes:
        app.add_url_rule(rule, view_func=view_cls.as_view(endpoint))

    with app.app_context():
        expungeservice.request.before()
        self.db_cleanup()
        # Only a non-admin account is seeded here (admin flag False).
        user.create_user(g.database, self.email, self.hashed_password, False)
        expungeservice.request.teardown(None)
def test_is_admin_auth_token(self):
    """A token issued to an admin account is accepted by the admin route.

    Creates an admin user, obtains an auth token for it through
    ``self.generate_auth_token`` and sends that token as a Bearer
    credential to ``/api/test/admin_protected``, expecting HTTP 200.
    """
    admin_email = 'pytest_admin_user@auth_test.com'
    admin_password = '******'
    pw_hash = generate_password_hash(admin_password)

    with self.app.app_context():
        expungeservice.request.before()
        # Final positional argument True marks the account as admin.
        user.create_user(g.database, admin_email, pw_hash, True)
        expungeservice.request.teardown(None)

    token_response = self.generate_auth_token(admin_email, admin_password)
    token = token_response.get_json()['auth_token']
    auth_header = {'Authorization': 'Bearer {}'.format(token)}

    protected_response = self.client.get(
        '/api/test/admin_protected', headers=auth_header)
    assert protected_response.status_code == 200
def test_create_user_success(self):
    """``create_user`` returns the stored values and populated generated fields.

    The result must echo the email, password hash and admin flag that were
    passed in, and must carry truthy ``user_id``, ``auth_id``,
    ``date_created`` and ``date_modified`` values. The stored data is then
    checked again through ``self.verify_user_data``.
    """
    email = "*****@*****.**"
    hashed_password = "******"
    admin = True

    created = user.create_user(self.database, email, hashed_password, admin)

    # Fields that must come back exactly as supplied.
    echoed = {
        'email': email,
        'hashed_password': hashed_password,
        'admin': admin,
    }
    for field, expected in echoed.items():
        assert created[field] == expected

    # Fields that only need to be present and truthy.
    for field in ('user_id', 'auth_id', 'date_created', 'date_modified'):
        assert created[field]

    self.verify_user_data(email, hashed_password, admin)
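def post(self):
    """
    Create a new user with provided email, password, and admin flag.

    - If the request body has no JSON data or required fields are missing,
      return 400
    - Password must be a string of 8 or more characters. Otherwise return 422
    - Email must not already be in use by an existing user. Otherwise
      return 422

    If success, return 201 with the new user's email, admin flag, and
    creation timestamp.

    NOTE(review): error() is assumed to abort the request (raise); the
    control flow below depends on that, as it did before -- confirm.
    """
    data = request.get_json()
    if data is None:
        error(400, "No json data in request body")

    # Never print or log `data`: it carries the plaintext password.
    check_data_fields(
        data, ['email', 'name', 'group_name', 'password', 'admin'])

    password = data['password']
    # The body is untrusted JSON: on a list or dict, len() would count
    # elements instead of characters, and on a number it would raise.
    # Require a string before applying the length policy.
    if not isinstance(password, str):
        error(422, 'Password must be a string')
    if len(password) < 8:
        error(422, 'New password is less than 8 characters long!')

    password_hash = generate_password_hash(password)

    # NOTE(review): 'admin' is forwarded exactly as the client sent it.
    # Confirm that this view is reachable only by authenticated admins
    # (the route and its decorators are not visible here) and consider
    # requiring a JSON boolean for this privilege flag.
    try:
        create_user_result = create_user(
            g.database,
            email=data['email'],
            name=data['name'],
            group_name=data['group_name'],
            password_hash=password_hash,
            admin=data['admin'])
    except UniqueViolation:
        error(422, 'User with that email address already exists')

    # user_id is not required by the frontend here so it is not included.
    # other endpoints may expose the user_id e.g. for other admin
    # user-management operations.
    # The password hash is deliberately left out of the response as well.
    response_data = {
        'email': create_user_result['email'],
        'admin': create_user_result['admin'],
        'timestamp': create_user_result['date_created'],
    }
    return jsonify(response_data), 201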